FTC Fines Tech Giants for Violating Kids' Privacy

Privacy advocates and the FTC are putting pressure on a number of major tech companies, including Apple, Amazon and Yelp, for allowing children to register on their sites. What's the big deal? It's not about kiddie porn or fears that a child will hook up with a molester. It's something a lot less dramatic, but still very important.

When children register on certain sites they can buy stuff without the approval of their parents. Kids' email addresses, and other potentially sensitive information, are passed on to third parties that might try sell them even more stuff. Spam bots and other mechanisms can also pick up email addresses, leading to a barrage of messages that parents would not want their kids to receive.

This is an ongoing issue and you've got to wonder if the fines that the government is levying against tech companies are enough to convince these super rich outfits to get their acts together.

Earlier this week, Yelp agreed to pay a $450,000 fine to the FTC, and TinyCo, a toy maker, will also fork over $300,000 as part of a settlement. The FTC accused both companies of violating privacy rules by not properly screening minors in its registration process.

Those two companies are hardly alone. In July, the FTC sued Amazon after it received thousands of complaints from parents regarding in-app charges incurred by their kids without permission.

Amazon's Appstore is preloaded on the company's Kindle tablets and is available for download on an array of Android smartphones and tablets. In a complaint filed in U.S. District Court in Seattle, the FTC said, "Amazon controls the billing process for in-app charges and retains 30 percent of all revenue from in-app charges, amounting to tens of millions of dollars to date."

The FTC recently settled similar charges with Apple. In that case, the FTC charged Apple with "billing consumers for millions of dollars of charges incurred by children in kids' mobile apps without their parents' consent." Under the terms of the settlement, Apple must provide a refund for affected consumers and must change its billing practices to ensure that it has obtained express, informed consent from consumers before charging them for items sold via mobile apps.

Google agreed to settle similar charges with the FTC and repay $19 million to consumers whose children were allegedly deceived into making mobile purchases through the Android app store.

It doesn't look like Yelp was making big bucks by allowing minors to sign up. But the FTC's complaint against the company alleges that, from 2009 to 2013, it collected personal information from children through the Yelp app without first notifying parents and obtaining their consent.

According to the complaint, several thousand registrants provided a date of birth showing they were under 13 years old, but Yelp still collected personal information, including names, email addresses and locations.

Yelp commented on the settlement in a blog post, saying "Yelp doesn't promote itself as a place for children, and we certainly don't expect or encourage them to write reviews about their plumbers, dentists, or latest gastronomic discoveries. We're glad to have been able to cooperate with the FTC to get to a quick resolution and look forward to continuing our efforts to protect our users."

Sounds good, but I think there needs to be a more concerted effort on the part of the tech giants to stop such exploitive practices.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.